Re: SELinux - a call for end-of-life.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Ed Greshko <Ed.Greshko@xxxxxxxxxxx> wrote:
>Sent: Sep 2, 2010 6:58 AM
>To: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: SELinux - a call for end-of-life.
>
> On 09/02/2010 08:41 PM, Tim wrote:
>> Ed Greshko:
>>>>> Are you saying that you think it is a good idea to be allowed to chown
>>>>> of a file under your UID to another's UID as a normal user?
>> Tim:
>>>> You've never downloaded a file as one user, that another user wanted, or
>>>> another of your own logins needed, and then had to move it from one to
>>>> the other?
>> Ed Greshko:
>>> That wasn't my question....
>> Well it was the situation I was originally talking about.  Are you
>> saying that nobody should be allowed to do that?
>>
>I am saying that it would be fraught with danger.  You'd need to control
>who and under what circumstances a given user would be allowed to disown
>a file and transfer ownership to another.  I can see it being abused
>(intentionally or unintentionally...due to mis-configuration or whatnot)
>where an executable is "given" to a "target" and bad things could
>result.  I just see that too much thought would be needed to put this
>into practice. 
>
>In real life, I don't think it is as easy or straight forward as imagined.
>
And it should not be.

However, this portion of the thread is the first case where I could actually state that this could be a MAJOR security hazard.  Let's expand this:

1.  An account with a weak password gets compromised.
2.  This account has a file added (either FTP/SFTP upload or a malicious script is written).
3.  The ownership of this file is changed to a user with elevated privileges, but not root.

It is rather interesting, but if this is prevented, then the file remains just a space waster...

This is one of the functions of a good security system.  

However, if the user was root, this whole case changes.  A good security system should prevent or disable root login excepting a specific set known hosts or only from specific users if internal (su).

James McKenzie

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux